FKIE_CVE-2026-3343

Vulnerability from fkie_nvd - Published: 2026-03-03 14:15 - Updated: 2026-03-04 19:34
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1.
References
5d1c2695-1a31-4499-88ae-e847036fd7e3https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004Vendor Advisory
Impacted products
Vendor Product Version
watchguard fireware *
watchguard firebox_m270 -
watchguard firebox_m290 -
watchguard firebox_m370 -
watchguard firebox_m390 -
watchguard firebox_m440 -
watchguard firebox_m4600 -
watchguard firebox_m470 -
watchguard firebox_m4800 -
watchguard firebox_m5600 -
watchguard firebox_m570 -
watchguard firebox_m5800 -
watchguard firebox_m590 -
watchguard firebox_m670 -
watchguard firebox_m690 -
watchguard firebox_nv5 -
watchguard firebox_t20 -
watchguard firebox_t25 -
watchguard firebox_t40 -
watchguard firebox_t45 -
watchguard firebox_t55 -
watchguard firebox_t70 -
watchguard firebox_t80 -
watchguard firebox_t85 -
watchguard fireboxcloud -
watchguard fireboxv -
watchguard fireware *
watchguard firebox_m295 -
watchguard firebox_m395 -
watchguard firebox_m495 -
watchguard firebox_m595 -
watchguard firebox_m695 -
watchguard firebox_t115-w -
watchguard firebox_t125 -
watchguard firebox_t125-w -
watchguard firebox_t145 -
watchguard firebox_t145-w -
watchguard firebox_t185 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A96DE7F-D807-4BC7-BECE-D0281939D36C",
              "versionEndExcluding": "12.11.8",
              "versionStartIncluding": "12.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m270:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E472917E-D6E1-4C2D-B37D-E76FCC7307CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m290:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8C7779-4466-4A9E-B191-929E7746DFF7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m370:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CE9A123-B769-4E56-845E-DC3DA6166C78",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m390:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "180FAE8C-2E73-4C09-AA11-0C82A7715FA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "309DBEF2-1D92-4641-827F-D99758B5FFA3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m4600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1E8CFC5-51FE-4D75-845F-D70C30AF11B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m470:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBFBA966-E052-4350-9544-3B5D484DBB6B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m4800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF1E586D-0E88-447A-95E8-5203EF869ADB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m5600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC087C4-CB10-46D4-A746-0C462354410C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m570:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59389EA2-3067-4AF8-AEC5-FE79E269C170",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m5800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "445FA7CD-D0AE-4176-9AE5-293B918DE654",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m590:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B4A7366-0304-431E-B3E4-719BA575CEAC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m670:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8512B4A-5269-4067-B9C6-475A4E8AD313",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m690:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "179C6166-87E1-44F8-B727-CDDE40C673D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_nv5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "584107CC-6136-4AA1-AE68-73B93BDDB5B6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t20:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9295217E-C1A0-4A69-A0F0-C44814BB376C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t25:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC49246-2166-4681-8D67-4C0940884872",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC853916-8BDC-4F7C-BA53-D6AB490A9444",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t45:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCB1A254-DA3C-4032-B2C6-C9EBCE8EC15E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t55:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3562304-0317-4A3C-B622-D5CE01CC97F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t70:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "327BA50A-366A-4367-93B8-328EC0136FA7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D92ABD52-20F6-4AB1-801F-9E7B7B1B78A1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t85:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3552F3BB-8021-4E87-987D-870699A7E619",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:fireboxcloud:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "158560A0-D694-41AF-A5F8-0F6FB3EFB8FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:fireboxv:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ECAE1D7-9868-4730-B645-44CB1B6FDE96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:watchguard:fireware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0AAD6D-2794-444D-9866-3E81B1EE2E26",
              "versionEndExcluding": "2026.1.2",
              "versionStartIncluding": "2025.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m295:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "615FF2CF-69DA-4890-9236-52D8D6FA0E71",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m395:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3439409-2FD6-447B-91CF-17D1C09E2A79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m495:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C0412F-AB02-4D13-B159-D0FCD2ECA3ED",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m595:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "575CC5EE-0278-489B-AA95-5EC5058D6FB9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_m695:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5597F672-3C72-4BCF-AD3F-F16B6913EC2F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t115-w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8AAE66B-DD19-4C90-8DFC-F77BA1541642",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t125:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FC18430-C6B4-4395-BFF1-83BB005875BA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t125-w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7C1C91-8B6E-4FB0-841E-7F88B06B1435",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t145:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FE309D6-BD5E-4D18-91C3-A492C3576115",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t145-w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75959D39-0960-4836-96C7-DB8048DDE4B8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:watchguard:firebox_t185:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0087049-27C6-4B18-A645-72A8F63D7C6D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user\u0027s browser when they click on a specially crafted link.\n\nThis vulnerability affects Fireware OS 12.7 up to and including 12.11.7 and 2025.1 up to and including 2026.1.1."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de cross-site scripting (XSS) reflejada en la interfaz de usuario web de Fireware OS permiti\u00f3 la ejecuci\u00f3n de JavaScript malicioso en el contexto del navegador de un usuario de gesti\u00f3n autenticado cuando hacen clic en un enlace especialmente dise\u00f1ado.\n\nEsta vulnerabilidad afecta a Fireware OS 12.7 hasta e incluyendo 12.11.7 y 2025.1 hasta e incluyendo 2026.1.1."
    }
  ],
  "id": "CVE-2026-3343",
  "lastModified": "2026-03-04T19:34:56.143",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-03T14:15:57.687",
  "references": [
    {
      "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00004"
    }
  ],
  "sourceIdentifier": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "5d1c2695-1a31-4499-88ae-e847036fd7e3",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.